CVE-2004-0271
Published 2004-11-23
Priority: P423
Severity: medium (CVSS 2.0 score 6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit: public
EPSS: 2.11% (79.5th percentile)
Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| maxwebportal | maxwebportal | — | — |
| maxwebportal | maxwebportal | — | — |
No detection rules found.
Exploit-DB
Maxwebportal 1.3x - Personal Message 'SendTo' Cross-Site Scripting
exploitdb·2004-02-10
---
source: https://www.securityfocus.com/bid/9625/info
It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.
MaxWebPortal versions prior to 1.32 have been reported to be prone to these issues.
POC-Avatar
Exploit-DB
Maxwebportal 1.3x - 'down.asp' HTTP_REFERER Cross-Site Scripting
exploitdb·2004-02-10
---
source: https://www.securityfocus.com/bid/9625/info
It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.
MaxWebPortal versions prior to 1.32 have been reported to be prone to these issues.
">Back
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=107643014606515&w=2
http://www.securityfocus.com/bid/9625
https://exchange.xforce.ibmcloud.com/vulnerabilities/15120
https://exchange.xforce.ibmcloud.com/vulnerabilities/15122